The expansion of new methods of working -- like bring your own device, cloud computing and social media -- is changing the ways federal agencies and other organizations do business.

At the same time, security surrounding these emerging technologies is a major concern, a problem that is compounded by a significant shortage of information security professionals. The workforce shortage is negatively impacting organizations and their customers, leading to more frequent and costly data breaches, according to new research.

The new Global Information Security Workforce Study, released Monday by (ISC)2, Booz Allen Hamilton and Frost and Sullivan, found that more than 56 percent of cybersecurity professionals feel their security organizations are short-staffed. Executives lack a complete understanding on the need for security and are not able to locate enough qualified security professionals, leading to more frequent and costly data breaches. This is having a profound impact on the economy, the research found.

“Now, more than ever before, we’re seeing an economic ripple effect occurring across the globe as a result of the dire shortage of qualified information security professionals we’ve been experiencing in recent years,” said Hord Tipton, executive director of (ISC)2.

The survey of more than 12,000 information security professionals worldwide also found that hactivism (43 percent), cyber-terrorism (44 percent) and hacking (56 percent) were among the top concerns identified. Security concerns also are high for new mobility initiatives like BYOD and cloud computing. Concerns with social media are significantly lower than in 2011, in part thanks to security technologies and policy changes, the study found.

The study also concluded that the information security field is stable and growing, with a projected 11 percent growth annually over the next five years. In addition, more than 80 percent of cyber professionals had no change in employer or employment in the past year, and 58 percent of respondents reported receiving a raise last year.

When looking for a job, information security professionals touted the benefits of having knowledge and certification in their job search. Nearly 70 percent said they view certification as a reliable indicator of competency when hiring, and nearly half (46 percent) of organizations require certification. Sixty percent of those surveyed said they plan to obtain a certification in the next 12 months, with the CISSP certification being the most in-demand.

“Given the severity of cyber espionage, hactivism and nation-state threats, the time is now for the public and private sectors to join forces to close this critical gap,” Tipton said. “We must focus on building a skilled and qualified security workforce that is equipped to handle today’s and tomorrow’s most sophisticated cyber threats."

The U.S. government-specific results of the study will be featured in a separate report to be released in late March, (ISC)2 said.

recommended for you

Brittany Ballenstedt writes Nextgov's Wired Workplace blog, which delves into the issues facing employees who work in the federal information technology sector. Before joining Nextgov, Brittany covered federal pay and benefits issues as a staff correspondent for Government Executive and served as an associate editor for National Journal's Technology Daily. She holds a bachelor's degree in journalism from Mansfield University and originally hails from Pennsylvania. She currently lives near Travis Air Force Base, Calif., where her husband is stationed.

FROM OUR SPONSORS

sponsored

JOIN THE DISCUSSION

By using this service you agree not to post material that is obscene, harassing, defamatory, or
otherwise objectionable. Although Nextgov does not monitor comments posted to this site (and has
no obligation to), it reserves the right to delete, edit, or move any material that it deems to
be in violation of this rule.

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

Data-Centric Security vs. Database-Level Security

Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.